Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 2ca6ccd8796707dd8231ce578da9183153b8632f / . / flake.nix
blob: 3eb97d410b440ba141e80f6fe367e611696b3bac [file] [log] [blame]
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]1{
2 description = "A flake to deploy and configure Clicks' NixOS server";
3
Skyler Grey07c947a2023-06-08 14:11:23 +0200[diff] [blame]4 inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
Skyler Greyb30f5dd2023-09-01 21:02:44 +0000[diff] [blame]5 inputs.nixpkgs-clicksforms.url = "github:nixos/nixpkgs/nixos-22.05";
Skyler Grey061574c2023-05-01 21:39:24 +0000[diff] [blame]6 inputs.flake-utils.url = "github:numtide/flake-utils";
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]7 inputs.deploy-rs.url = "github:serokell/deploy-rs";
Skyler Grey07c947a2023-06-08 14:11:23 +0200[diff] [blame]8 inputs.home-manager.url = "github:nix-community/home-manager/release-23.05";
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]9 inputs.sops-nix.url = "github:Mic92/sops-nix";
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]10 inputs.scalpel.url = "github:polygon/scalpel";
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]11
Skyler Greyfed0bb12023-05-01 21:42:03 +0000[diff] [blame]12 inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
Skyler Greyfed0bb12023-05-01 21:42:03 +0000[diff] [blame]13
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]14 inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";
15
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]16 inputs.scalpel.inputs.nixpkgs.follows = "nixpkgs";
17 inputs.scalpel.inputs.sops-nix.follows = "sops-nix";
18
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame]19 inputs.nixpkgs-privatebin.url = "github:e1mo/nixpkgs/privatebin";
20
Skyler Grey2ca6ccd2023-10-14 22:56:43 +0000[diff] [blame^]21 inputs.helpers.url = "git+https://git.clicks.codes/Clicks/NixHelpers";
22
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame]23 outputs =
24 { self
25 , nixpkgs
26 , deploy-rs
27 , home-manager
28 , sops-nix
29 , scalpel
30 , nixpkgs-privatebin
Skyler Grey2ca6ccd2023-10-14 22:56:43 +0000[diff] [blame^]31 , helpers
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame]32 , ...
33 }@inputs:
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]34 let
35 system = "x86_64-linux";
36 pkgs = import nixpkgs {
37 inherit system;
38 config.allowUnfree = true;
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame]39 overlays = [
40 (final: prev: { inherit (nixpkgs-privatebin.legacyPackages.${system}) privatebin pbcli; })
41 ];
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]42 };
43 in
Skyler Greyb3516c22023-05-24 19:17:11 +0200[diff] [blame]44 rec {
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]45 nixosConfigurations.clicks =
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]46 let
47 base = nixpkgs.lib.nixosSystem {
48 inherit system pkgs;
49 modules = [
50 ./default/configuration.nix
51 ./default/hardware-configuration.nix
Skyler Grey703e75a2023-06-08 13:39:50 +0200[diff] [blame]52 ./modules/cache.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]53 ./modules/clamav.nix
Skyler Grey5e2bc9e2023-08-24 21:58:52 +0000[diff] [blame]54 ./modules/cloudflare-ddns.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]55 ./modules/dmarc.nix
56 ./modules/dnsmasq.nix
57 ./modules/doas.nix
58 ./modules/docker.nix
Skyler Grey87a11552023-06-14 23:02:25 +0200[diff] [blame]59 ./modules/drivePaths.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]60 ./modules/ecryptfs.nix
61 ./modules/fail2ban.nix
Skyler Grey08758a62023-10-09 07:35:09 +0000[diff] [blame]62 ./modules/gerrit.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]63 ./modules/git.nix
64 ./modules/grafana.nix
65 ./modules/home-manager-users.nix
Skyler Grey0e05d262023-10-09 07:04:36 +0000[diff] [blame]66 ./modules/keycloak.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]67 ./modules/kitty.nix
Skyler Grey480fd8b2023-05-24 19:11:16 +0200[diff] [blame]68 ./modules/loginctl-linger.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]69 ./modules/matrix.nix
70 ./modules/mongodb.nix
Skyler Grey2ca6ccd2023-10-14 22:56:43 +0000[diff] [blame^]71 ./modules/networking.nix
Skyler Grey09c5cda2023-10-09 07:10:10 +0000[diff] [blame]72 ./modules/nextcloud.nix
Skyler Grey2ca6ccd2023-10-14 22:56:43 +0000[diff] [blame^]73 ./modules/nginx-routes.nix
74 ./modules/nginx.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]75 ./modules/node.nix
76 ./modules/postgres.nix
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame]77 ./modules/privatebin.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]78 ./modules/samba.nix
79 ./modules/scalpel.nix
Skyler Grey07c947a2023-06-08 14:11:23 +0200[diff] [blame]80 ./modules/ssh.nix
Skyler Grey5b2c0382023-05-29 11:09:05 +0200[diff] [blame]81 ./modules/static-ip.nix
Skyler Grey87a11552023-06-14 23:02:25 +0200[diff] [blame]82 ./modules/syncthing.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]83 ./modules/tesseract.nix
Skyler Grey87a11552023-06-14 23:02:25 +0200[diff] [blame]84 ./modules/vaultwarden.nix
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]85 sops-nix.nixosModules.sops
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame]86 "${nixpkgs-privatebin}/nixos/modules/services/web-apps/privatebin.nix"
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]87 {
88 users.mutableUsers = false;
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]89 }
90 ];
Skyler Grey2ca6ccd2023-10-14 22:56:43 +0000[diff] [blame^]91 specialArgs = {
92 base = null;
93 drive_paths = import ./variables/drive_paths.nix;
94 inherit system;
95 helpers = helpers.helpers { inherit pkgs; };
96 };
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]97 };
98 in
99 base.extendModules {
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]100 modules = [
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]101 scalpel.nixosModules.scalpel
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]102 ];
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]103 specialArgs = { inherit base; };
Skyler Grey4f3e6062023-03-04 01:29:29 +0000[diff] [blame]104 };
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]105
Skyler Greyb3516c22023-05-24 19:17:11 +0200[diff] [blame]106 nixosConfigurations.clicks-without-mongodb =
107 nixosConfigurations.clicks.extendModules {
108 modules = [
109 { services.mongodb.enable = nixpkgs.lib.mkForce false; }
110 ];
111 };
112
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]113 deploy.nodes.clicks = {
114 sudo = "doas -u";
115 profiles = {
116 system = {
117 remoteBuild = true;
118 user = "root";
119 path = deploy-rs.lib.x86_64-linux.activate.nixos
120 self.nixosConfigurations.clicks;
121 };
122 } // (
123 let
124 mkServiceConfig = service: {
125 remoteBuild = true;
126 user = service;
127
128 profilePath = "/nix/var/nix/profiles/per-user/${service}/home-manager";
129 path =
130 deploy-rs.lib.x86_64-linux.activate.home-manager (home-manager.lib.homeManagerConfiguration
131 {
132 inherit pkgs;
133 modules = [
134 {
135 home.homeDirectory = "/services/${service}";
136 home.username = service;
137 home.stateVersion = "22.11";
138 programs.home-manager.enable = true;
139 }
140 "${./services}/${service}"
141 ];
Skyler Greyb30f5dd2023-09-01 21:02:44 +0000[diff] [blame]142 extraSpecialArgs = { inherit (inputs) nixpkgs-clicksforms; inherit system; };
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]143 });
144 };
145 in
146 nixpkgs.lib.pipe ./services [
147 builtins.readDir
148 (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
149 builtins.attrNames
150 (map (name: {
151 inherit name; value = mkServiceConfig name;
152 }))
153 builtins.listToAttrs
154 ]
Skyler Grey5b2c0382023-05-29 11:09:05 +0200[diff] [blame]155 ) // (
156 let
157 mkBlankConfig = username:
158 {
159 remoteBuild = true;
160 user = username;
161
162 profilePath = "/nix/var/nix/profiles/per-user/${username}/home-manager";
163 path =
164 deploy-rs.lib.x86_64-linux.activate.home-manager (home-manager.lib.homeManagerConfiguration
165 {
166 inherit pkgs;
167 modules = [
168 {
169 home.username = username;
170 home.stateVersion = "22.11";
171 programs.home-manager.enable = true;
172 }
173 "${./homes}/${username}"
174 ];
175 });
176 };
177 in
178 nixpkgs.lib.pipe ./homes [
179 builtins.readDir
180 (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
181 builtins.attrNames
182 (map (name: {
183 inherit name; value = mkBlankConfig name;
184 }))
185 builtins.listToAttrs
186 ]
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]187 );
188 hostname = "clicks";
189 profilesOrder = [ "system" ];
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]190 };
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]191
Skyler Greyb30f5dd2023-09-01 21:02:44 +0000[diff] [blame]192 devShells.x86_64-linux.default = pkgs.mkShell {
193 packages = [ pkgs.deploy-rs ];
194 };
195
Skyler Grey2ca6ccd2023-10-14 22:56:43 +0000[diff] [blame^]196 formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]197 };
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]198}